IEEE Access (Jan 2021)

Reusable Security Requirements Repository Implementation Based on Application/System Components

  • Ferda Ozdemir Sonmez,
  • Banu Gunel Kilic

DOI
https://doi.org/10.1109/ACCESS.2021.3133020
Journal volume & issue
Vol. 9
pp. 165966 – 165988

Abstract

Forming high-quality requirements has a direct impact on project success. Gathering security requirements can be challenging, since it demands a multidisciplinary approach and security expertise. A security requirements repository offers an effective alternative for addressing this challenge. The main objective of this paper is to present the design of a practical repository model for reusable security requirements, which is easy to use and understand even for non-security experts. The paper also presents an approach and a software tool for using this model to determine subtle security requirements for improved coverage. The proposed repository consists of attributes determined by examining common security problems covered in state-of-the-art publications. A test repository was prepared using specification files and Common Criteria documents. The outcomes of applying the proposed model were compared with the sample requirement sets included in the state-of-the-art publications. The results reveal that in the absence of a security requirements repository, key security points can be missed. The repository improves the completeness of the security terms with reasonable effort.

Keywords